
Commit 2c62aed

committed
Use /auth/certs API to retrieve validation keys
1 parent 23ddb3d commit 2c62aed


1 file changed

+10
-9
lines changed


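--- a/pyapp/app/auth_dep.py
+++ b/pyapp/app/auth_dep.py
@@ -1,5 +1,5 @@
 import logging
-from typing import Any, Dict
+from typing import Any
 from urllib.parse import urljoin
 
 import httpx
@@ -10,19 +10,20 @@
 
 logger = logging.getLogger(__name__)
 
-_jwks_keyset_cache: Dict[str, KeySet] = {}
+_jwks_keyset_cache: dict[str, KeySet] = {}
 
 
 class AuthenticatedUser(BaseModel):
 subject: str
-name: str | None = None
-preferred_username: str | None = None
+name: str
+preferred_username: str
 email: str | None = None
 roles: list[str] = Field(default_factory=list)
 # claims: Dict[str, Any]
 
 def __str__(self) -> str:
-return self.preferred_username or self.subject
+uid = self.preferred_username or self.subject
+return f"{self.name} ({uid})"
 
 
 async def get_jwks_keyset(request: Request) -> KeySet | None:
@@ -34,8 +35,8 @@ async def get_jwks_keyset(request: Request) -> KeySet | None:
 if cache_key in _jwks_keyset_cache:
 return _jwks_keyset_cache[cache_key]
 
-# url = urljoin(str(request.base_url), "auth/keys")
-url = "https://dev.id.scouterna.se/realms/jamboree26/protocol/openid-connect/certs"
+url = urljoin(str(request.base_url), "auth/certs")
+# url = "https://dev.id.scouterna.se/realms/jamboree26/protocol/openid-connect/certs"
 try:
 async with httpx.AsyncClient(timeout=5.0) as http_client:
 response = await http_client.get(url)
@@ -54,7 +55,7 @@ async def get_jwks_keyset(request: Request) -> KeySet | None:
 return None
 
 
-async def decode_access_token(token: str, request: Request) -> Dict[str, Any]:
+async def decode_access_token(token: str, request: Request) -> dict[str, Any]:
 keyset = await get_jwks_keyset(request)
 if keyset is None:
 raise HTTPException(status_code=status.HTTP_503_SERVICE_UNAVAILABLE, detail="Token validation unavailable")
@@ -69,7 +70,7 @@ async def decode_access_token(token: str, request: Request) -> Dict[str, Any]:
 raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Unauthorized") from exc
 
 
-def _extract_roles(claims: dict[str, Any]) -> list[str]:
+def _extract_roles(claims: dict[str, Any]) -> list[str]:
 roles = set()
 realm_access = claims.get("realm_access") or {}
 realm_roles = realm_access.get("roles") or []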
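Review bot: In `get_jwks_keyset` the JWKS URL is now built from `request.base_url`, which (assuming this is the Starlette/FastAPI `Request`) comes from the incoming request's Host header and scheme, so the source of the token-validation keys depends on request data instead of configuration. Unless a reverse proxy or `TrustedHostMiddleware` restricts accepted hosts, which is not visible on this page, the service could fetch signing keys from a host the deployment never chose and store them in `_jwks_keyset_cache`. Behind a TLS-terminating proxy the scheme may also resolve to `http`, so the keys would travel in plaintext. I would take the base from configuration and require `https`, e.g. `url = urljoin(JWKS_BASE_URL, "auth/certs")`, where `JWKS_BASE_URL` is a placeholder for a configured constant. How `cache_key` is computed lies outside the hunk, so how long a wrong keyset would persist cannot be judged from here.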
